authorStefan Metzmacher <metze@samba.org>2009-09-16 02:03:46 +0200
committerStefan Metzmacher <metze@samba.org>2009-09-16 12:29:06 +0200
commit033ced60ac734161686bd3da685f2d7b056e17c8 (patch)
tree30986b71cee0e153c105ef1fed8b93d3a7322fab /source3
parent8f482ae663611ee2109395e4d24418e4c4f57160 (diff)
libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES. metze
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_client/cli_pipe.c41
-rw-r--r--source3/rpc_server/srv_pipe.c44
2 files changed, 51 insertions, 34 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 393c7260d9..186696fbbc 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -676,6 +676,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
uint32 save_offset = prs_offset(current_pdu);
struct schannel_state *schannel_auth =
cli->auth->a_u.schannel_auth;
+ uint8_t *data;
uint32 data_len;
DATA_BLOB blob;
NTSTATUS status;
@@ -727,20 +728,24 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
+ data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN;
+
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(schannel_auth,
+ status = netsec_incoming_packet(schannel_auth,
talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
+ true,
+ data,
data_len,
&blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
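Review bot: The PRIVACY and INTEGRITY arms of the switch are now identical apart from the bare `true`/`false` third argument to netsec_incoming_packet, so a reader has to look up the prototype to learn that the flag means "also decrypt", and the two copies can drift apart. Deriving the flag once from cli->auth->auth_level and making a single call keeps that decision in one named place (it needs a `bool do_unseal;` next to the `uint8_t *data;` added earlier in this file). The default arm still sets NT_STATUS_INTERNAL_ERROR as before. cli_pipe_verify_schannel continues past the end of the hunk, so how `status` is consumed afterwards is not visible here.
```c
	data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN;

	switch (cli->auth->auth_level) {
	case DCERPC_AUTH_LEVEL_PRIVACY:
	case DCERPC_AUTH_LEVEL_INTEGRITY:
		/* PRIVACY payloads are sealed: decrypt as well as verify */
		do_unseal = (cli->auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
		status = netsec_incoming_packet(schannel_auth,
						talloc_tos(),
						do_unseal,
						data,
						data_len,
						&blob);
		break;
	default:
		status = NT_STATUS_INTERNAL_ERROR;
```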
@@ -1948,18 +1953,20 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ true,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ false,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
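Review bot: Unlike the other three call sites touched by this commit, add_schannel_auth_footer does not hoist the payload pointer into a `uint8_t *data` local and instead repeats the `(uint8_t *)data_p` cast in both arms of the switch. For consistency with cli_pipe_verify_schannel and the two srv_pipe.c hunks, `uint8_t *data = (uint8_t *)data_p;` before the switch and `data,` in both netsec_outgoing_packet calls would make the four sites read the same way. The bare `true`/`false` seal flag has the same readability cost here as in the incoming path; a `do_seal` derived from cli->auth->auth_level would name it. add_schannel_auth_footer begins before this hunk, so where data_p and data_and_pad_len are computed is not visible.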
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1bd170f901..627dac0f82 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -411,6 +411,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
*/
RPC_HDR_AUTH auth_info;
DATA_BLOB blob;
+ uint8_t *data;
/* Check it's the type of reply we were expecting to decode */
@@ -427,20 +428,24 @@ static bool create_next_pdu_schannel(pipes_struct *p)
return False;
}
+ data = (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos;
+
switch (p->auth.auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
- data_len + ss_padding_len,
- &blob);
+ status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ true,
+ data,
+ data_len + ss_padding_len,
+ &blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
- data_len + ss_padding_len,
- &blob);
+ status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len + ss_padding_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
@@ -2162,6 +2167,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
RPC_HDR_AUTH auth_info;
DATA_BLOB blob;
NTSTATUS status;
+ uint8_t *data;
auth_len = p->hdr.auth_len;
@@ -2215,20 +2221,24 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
+ data = (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN;
+
switch (auth_info.auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(p->auth.a_u.schannel_auth,
+ status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
talloc_tos(),
- (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
+ true,
+ data,
data_len,
&blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
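Review bot: The server-side request path selects unseal-versus-verify from `auth_info.auth_level`, the level carried in the incoming PDU's auth header, whereas the reply path in create_next_pdu_schannel keys on the negotiated `p->auth.auth_level`. Unless the two are compared earlier in api_pipe_schannel_process (outside this hunk), a peer that negotiated PRIVACY could send a request marked INTEGRITY and have only its signature checked instead of being rejected. A guard before the switch such as `if (auth_info.auth_level != p->auth.auth_level) { DEBUG(0,("schannel auth level mismatch\n")); return False; }` would pin each PDU to the negotiated level. The function starts before this hunk, so this may already be handled where auth_info is unmarshalled.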